Being a Hotspot, Part 2
May 26, 2004
Picking the type of connection your hotspot has to the Internet might be the easy part; the hard part is dealing with the security issues. Or maybe not dealing with them.
Once a business owner has made the decision to offer clients wireless Internet access, either for free or for a fee, the work begins in earnest. It is time to build out the network, to lay out the physical infrastructure and connectivity that will convert an ordinary sandwich shop into a wireless hotspot.
Choices, choices, choices
First you need a live wire, a broadband link to the Internet. There are several types of backhaul available, including DSL, cable modem, T-1, satellite and so forth -- even fixed wireless in some locations. Typically a business will already have in place the connection that best serves its business needs: More often than not, than same backhaul mode will be the one employed in service of the hotspot.
Clearly, financial considerations will come into play here. That broadband link needs to come through the door at a price that makes the Wi-Fi offering economically feasible. If the connection costs more than you will be taking in -- either through direct revenues or through added customer attraction and retention -- it's time to shop around for a new provider.
For customers to be able to tap into this fast, reliable and hopefully affordable broadband link, you will need a wireless access point (AP). An AP acts as a central transmitter and receiver of radio signals. It's typically a small, dedicated piece of hardware supporting Wi-Fi wireless standards. You can buy one off the shelf, but the consumer-grade version may not be robust enough to support commercial use. Depending on the volume of expected traffic, a commercial-grade AP may be in order.
The AP in turn connects to a router or gateway which in turn connects to the Internet backhaul connection. This could also be an off-the-shelf item --- in fact, most "wireless routers" found today are simply a wired router with an AP built in to serve Wi-Fi client systems. May companies today handle this by selling a full-kit to handle what you need, a "hotspot-in-a-box."
Then there comes the issue of security. As much as you want to protect your end-users, the strange thing is, turning on security usually makes it a lot harder for casual user to connect to the wireless hotspot you're trying to set up.
When using wired equivalent privacy (WEP) or Wi-Fi Protected Access (WPA), for instance, an end-user must configure settings which, while not inherently difficult, can nonetheless be confusing and time consuming. When customers have trouble connecting to the network, they ask questions that the baristas can't answer, and pretty soon, no one is happy. So hotspot operators often opt for less security rather than more, and cover themselves with disclaimers.
Take for instance the nationwide Wi-Fi provider T-Mobile. While the provider stays on top of security needs, it nonetheless states in its online disclaimer: "The T-Mobile HotSpot network is based on evolving wireless technology and is not inherently secure. We therefore cannot guarantee the privacy of your data and communications while using the HotSpot service." Meaning: Play at your own risk. (T-Mobile, however, is one of the few providers to publicly proclaim that it intends to build in souped up security available to all users.)
For an added measure of protection, the hotspot operator might have a similar disclaimer appear on the front page of anyone joining the network, and might even include an "I agree" button at the bottom of the page. Not that such a thing is strictly legally binding, but it can't hurt.
Hotspots can try to offer further security by handing out passwords that grant network access. These usually are shared WEP passwords, however. This means everyone has access who wants it. While a hacker might not be able to stand on the sidewalk and sniff the network, that same hacker could walk in, get the password and go to work while sipping a cappuccino in the store.
The best security, it seems, is the users' own Internet common sense. Utilize software firewalls like ZoneAlarm or Norton Internet Security and turn off Microsoft's File and Printer Sharing for starters.
One further word of caution. If the same broadband connection is serving the public Wi-Fi network and your back-office operations, it will be important to safeguard that back office data either with a firewall or a gateway, so that public users cannot get into your business systems.
It is worth considering geography. While most small retailers will not have to worry about this, those trying to provide coverage in a larger public space may have to think a bit about network deployment and configuration, especially in a multi-story establishment. You need line of sight between your antenna and your access point, which could matter for those trying to hook up a balcony seating area or a patio with the network.
Overall, though, the physical deployment of a hotspot is virtually a plug-n-play affair these days. Equipment is minimal, cheap and easy to use.